Utilizing Mobile Device Management (MDM) is integral to controlling access to sensitive data, but it’s also a complex process that requires advanced expertise.
Fortunately, Tom Rice and his team of Apple Solutions Engineers have that expertise. This week, we got an update from Tom on his ongoing Apple deployment project as his team helped their customer set up Apple Business Manager and implement an MDM solution.
We also talked to Kevin English about his experience using Apple Vision Pro, what he’s hearing from customers who are interested in buying it, and why MDM support can make or break a new platform.
Super vision
For any organization that deploys devices to employees, it’s important for those devices to be managed by some sort of MDM tool. As employees are onboarded or, more importantly, offboarded, MDM allows IT managers to quickly and easily configure, erase, or even lock devices remotely.
For Apple devices, the best way to implement an MDM solution is to start with Apple Business Manager (ABM). ABM lets organizations keep track of company-owned devices, and it can be configured to automatically enroll deployed devices with a chosen MDM vendor as soon as it's connected to the internet. This is the cornerstone of zero-touch deployment. An organization can purchase a Mac through an online portal, have it shipped directly to a remote office or even an employee’s home, and configure it with any necessary security settings and applications, all without ever even seeing the device. The initial setup of this kind of workflow can be intense, but it makes life a lot easier for IT teams in the long run.
Devices that are enrolled into ABM become “supervised,” which essentially tells the device that it is owned by the organization. Supervision gives IT teams additional layers of control, letting them configure everything from Bluetooth settings to the device’s wallpaper.
Micro management
The benefits of MDM don’t end with deployment. Every time a device connects to a network, it checks for anything new - security updates, configuration changes, new apps - whatever IT needs to implement. We’ve come a long way from the days of IT admins walking from workstation to workstation with a USB drive, DVD, or *gasp* a floppy disk to change configuration settings or install applications.
Some organizations, like Tom’s customer, even decide to utilize a self-service application portal where employees can download whatever applications they need on an ad hoc basis. This reduces the IT effort and network load involved in pushing unnecessary applications to employees that will never use them.
Kind of a big deal
When it comes to enterprise support of new platforms, MDM support is critical. Any large organization should be wary of adding unmanaged devices to its network, so a brand-new platform like Apple Vision Pro needs MDM support to have any chance of widespread adoption. As Kevin puts it, “I think it's paramount. I think MDM is the difference between success and failure of a new device in the enterprise.”
Fortunately, Apple has already made strides in this respect. Vision Pro can be enrolled in MDM via account-based enrollment, giving admins the ability to push apps, network configurations, and SSO settings to the device. This type of enrollment stops short of full supervision, so organizations purchasing Vision Pro today can’t use ABM to automatically enroll their devices. Fortunately, that functionality is coming in visionOS 2 later this year.
The fact that Apple is adding MDM support this early in the device’s lifecycle shows that they realize the importance of the enterprise and want to give organizations every opportunity to find new use cases for this cutting-edge platform.
---
Be sure to check out WeGotYourMac.com for more episodes and content on Mac adoption and other end-user computing topics.
This episode of We Got Your Mac is presented in collaboration with SHI’s Zero-Touch X. When your employees need the latest devices shipped directly to their home or local workplace, and ready to go with the right apps, accounts and privileges, Zero Touch X is game-changer.
Zero Touch X supports MacOS, iOS, Windows, Android and Chrome OS, helping support employee choice programs, improving user productivity and reducing the overhead on your internal IT teams.
Give your device lifecycle the X Factor, learn more about SHI’s Zero Touch X today.
We Got Your Mac is available on Podbean, Apple Podcasts, Spotify, YouTube, or anywhere else you get your podcasts.
